Help with unknow user logged in via ssh?
Orrby
Posts: 5 Freshman Member
I have a Nas540 and i have a problem with someone logged in via ssh i think, and i dont know if any files are compromised but i have seen about 15-20 torrents added in transmission?
A year ago i had the ransomware in my nas, textfiles in every folder that told me to pay... I moved all my files and did a factory reset.
Now i have done a reset (3 beeps) and after i have set a new admin password and config the network i se already after 10 min i have another user logged in?!
Ssh is disabled, but someone is logged in?!
I´m not a very good computer guy but i tried the ssh with putty and listed the users, what user should be there? I only have the "admin" and created one "Olle" the rest is stock after a reset?
What should i do?
0
All Replies
-
Do you have portforwards to your NAS? I see two external IP addresses in the 'Current Connections' list (one Swiss, one Danish), in normal conditions that shouldn't be possible.BTW, you can list all connections from the command line usingnetstat -tnOther shell logged in users can be seen withwhoalthough that is not watertight.Your passwd doesn't look alarming to me. As the intruder seems to be logged in as admin, it doesn't matter either. You have a strong password on admin, I hope?Can you post the list of running programs, the output of 'ps'? (In PuTTY you can copy text by just selecting it with your mouse. Everything selected is on the clipboard)0
-
Are you using transmission when check the login status?
Maybe you can try to stop the task on the transmission and check if there is still other users.
0 -
Thanks for helping, yes i have ports open for transmission, closed it and no other are now connected.Must have been years ago i opend those ports, i use it for adding torrents from transdroid in my phone. Any ideas for port or is it my bad password who is the faulty one?0
-
Maybe you can try to capture packet when doing transmission and see if there is any ssh packet.0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight